I am using the jQuery and Prototype libraries for this project.

I have this code so far:

HTML:

<div id="cnt"></div> <input type="text" id="bla" name="tct"/>

JavaScript:

if (e.keyCode == 13) {   // 13 = Enter key
    var text = document.getElementById('bla');
    text = $('#bla').val();
    //text.evaljson();
    //I put a comment because it gives me error "badly formed json string"
    $('#cnt').append(text);
}

When I place some code like <script> alert('hello world');</script> it gets executed.

How can I remove it?

Recommended Answers

In addition, you could use document.createTextNode():

$('form').on('change', function (e) {
    var text = $('#bla').val();
    $('#cnt').append(document.createTextNode(text));
});

Example: http://jsfiddle.net/u6pqhjzy/
Documentation:

All 6 Replies

Your example is giving me a CSRF error. Here is the error:
Forbidden (403)
CSRF verification failed. Request aborted.
More information is available with DEBUG=True.

Sounds like an issue with form submission. You sure it's to do with this?

I ran his example, put a value in the textbox and hit Enter, and then that error came up. You can check it yourself.

Take off the form tags and

$('#bla').on('change', function () {
    var text = $('#bla').val();
    $('#cnt').append(document.createTextNode(text));
});
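
Added example, not code from any poster in this thread: the question's Enter-key handler rewritten around a text sink, plus an escaper for the case where the value has to be placed inside an HTML string you build yourself (that second part goes a step beyond the replies). The ids bla and cnt come from the question; the function names are hypothetical.

```javascript
// Text sink: the string becomes character data in a text node and is never
// parsed as markup, so "<script>...</script>" is displayed instead of run.
function appendAsText(doc, container, text) {
  container.appendChild(doc.createTextNode(text));
}

// String context: when the value must sit inside markup you assemble as a
// string, encode the five HTML-significant characters first.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, function (ch) {
    return HTML_ESCAPES[ch];
  });
}

// Hypothetical wrapper: only the fixed <p> tags are markup, the user's
// text is encoded before it is concatenated in.
function entryMarkup(text) {
  return '<p class="entry">' + escapeHtml(text) + '</p>';
}

// Browser wiring (skipped when no DOM is present, e.g. under Node).
if (typeof document !== 'undefined') {
  const input = document.getElementById('bla');
  const out = document.getElementById('cnt');
  if (input && out) {
    input.addEventListener('keydown', function (e) {
      if (e.key !== 'Enter') return;
      e.preventDefault();            // keep Enter from submitting an enclosing form
      appendAsText(document, out, input.value);
      input.value = '';
    });
  }
}
```

The output of entryMarkup() is safe to pass to an HTML sink such as jQuery's .append(); the raw input value is not.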